Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Watch out - that Tor browser install could just be malware

Tor

Criminals have been discovered distributing fake Tor browsers that are designed to steal cryptocurrency, and so far, have been quite successful, raking in roughly $400,000 in various tokens from unsuspecting victims, experts have warned

Cybersecurity researchers from Kaspersky are warning users to watch out for Tor browser installers from third-party stores. 

They’ve spotted one such executable sitting in a password-protected RAR archive which, when extracted and installed, monitors the Windows clipboard for cryptocurrency wallets. If it spots one, it will replace it with one controlled by the attacker. 

Complicated addresses

When a person tries to send funds from one address to another, they would usually copy and paste the recipient’s address, as these are a long string of seemingly random characters which are almost impossible to remember.

If the malware replaces the copied address with a different one, chances are the victim won’t see the difference and will just send the funds to the wrong address. 

The method actually works quite well, as these attackers stole some $400,000 from roughly 16,000 users, just this year. Most of the stolen cash is in Bitcoin ($380,000), Litecoin ($10,000), Ethereum ($4,800), and Dogecoin ($517). Due to the way the malware is designed, the researchers can’t be absolutely certain about the amount of money stolen, and speculate that the final figure is probably even bigger. 

While the victims are scattered all over the world (52 countries) the bulk of them reside in Russia, followed by Ukraine, and the US. The researchers believe Russians were the biggest targets as Tor was first banned, and later censored, in the country. That made Russians look for alternative places to grab the famed browser from.

"The Tor Project called to help keep Russian users connected to Tor to circumvent censorship," said Vitaly Kamluk, head of Kaspersky's Global Research and Analysis Team for APAC. "Malware authors heard the call and responded by creating trojanized Tor browser bundles and distributing them among Russian-speaking users."

Via: The Register

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.